PS3 Root Key Found
An anonymous reader writes "The PlayStation 3 'root key' used for code signing has been found by GeoHot. This enables running homebrew without the need for psjailbreak-style USB-devices, and also provides hope for those at firmware version 3.55 that currently cannot be downgraded. The key also cannot be changed without hardware modifications. Oops."
Re:No sympathy for Sony (Score:4, Interesting)
One problem is that because the capability has been removed from all current models, if your early model breaks you could easily find yourself in a situation where it's not feasible to replace. Another is that since they dropped the feature, work on adding support for more games stopped too.
Another thing on the bait and switch pile is Sony's support for SACD. That was also available in the early models, then cut from the later ones. While it theoretically still works for people who have older units, the firmware isn't very good, and because they dropped the feature they also stopped development on improvements to that. So people who bought their PS3 expecting that to work right as a long-term capability have also been screwed.
Re:Dear Sony.... (Score:5, Interesting)
From memory, what happened is that with the OtherOS, Geohot was able to outline a proof of concept to run arbitrary code on the PS3.
He didn't release much, and nothing he released would have directly facilitated piracy - there were no keys exposed for instance.
Sony, in a knee-jerk reaction, promptly issued a software update that removed OtherOS support altogether - even though Geohot's work was just a proof of concept.
This is when the real work then started to get back what was once there - and in the process through discovering these keys, this has now opened the doors to piracy on the system.
If Sony had kept OtherOS in there and instead done something like fixed the flaw in the hypervisor that allowed Geohot's exploit to work, or just ignored it and moved on, it's arguable that no one would have bothered to put in the effort they have recently to discover the crypto keys.
Re:Same private key? (Score:5, Interesting)
Since geohot was able to release the keys (to the kingdom) without tipping his hand in this case, is it really bad?
Would it not be possible that Sony patches whatever exploit you guys used and detailed, adds a whitelist for games under the current signature, and begins using a new one, possibly nullifying much of the work you guys have (brilliantly) done?
Is the way geohot did it (using your work again, totally with you guys there for credit) not better for the community in the long run, where now unless Sony finds the vulnerability he got in through he can keep providing these keys no matter what Sony does?
Hell, Sony may even reuse hardware/firmware from the PS3 in the PS4 and geohot may again be able to get in and provide keys, or at least have a jumping off point.
Again, no knock on you guys, full disclosure is cool for nerds' sake, it's great to know all that stuff, but the way we do it in iPhone world is always trying to do what's better for the community/users. Not tipping your hand on the exploit used may be the way to go here.
Re:GeoHot did NOT find the root signing key. (Score:4, Interesting)